You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/01/08 15:46:16 UTC

[GitHub] ivankelly opened a new issue #3333: TLS Hostname verification doesn't get disabled if using https lookup in PulsarClient

ivankelly opened a new issue #3333: TLS Hostname verification doesn't get disabled if using https lookup in PulsarClient
URL: https://github.com/apache/pulsar/issues/3333
 
 
   **Describe the bug**
   If you connect to a broker using a https lookup url, and the cert doesn't match the hostname, and hostname verification is disabled, it will complain about the hostname.
   
   **To Reproduce**
   Steps to reproduce the behavior:
   1. Configure a cluster with TLS authentication. The broker hostname shouldn't match the cert CN.
   2. 
   ```java
   PulsarClient.builder()
               .serviceUrl("https://BROKER_HOSTNAME:8443")
               .enableTlsHostnameVerification(false)
               .authentication("org.apache.pulsar.client.impl.auth.AuthenticationTls",
                                        "tlsCertFile:PATH_TO_CERT,tlsKeyFile:PATH_TO_KEY")
               .tlsTrustCertsFilePath(PATH_TO_CA).build();
   ```
   3. The  client will fail to connect and give an error about the hostname.
   
   **Expected behavior**
   It shouldn't try to verify the hostname.
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services